Total
18012 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-43608 | 1 Doctrine-project | 1 Database Abstraction Layer | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Doctrine DBAL 3.x before 3.1.4 allows SQL Injection. The escaping of offset and length inputs to the generation of a LIMIT clause was not probably cast to an integer, allowing SQL injection to take place if application developers passed unescaped user input to the DBAL QueryBuilder or any other API that ultimately uses the AbstractPlatform::modifyLimitQuery API.
|
|||||
| CVE-2021-43510 | 1 Simple Client Management System Project | 1 Simple Client Management System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
SQL Injection vulnerability exists in Sourcecodester Simple Client Management System 1.0 via the username field in login.php.
|
|||||
| CVE-2021-43509 | 1 Simple Client Management System Project | 1 Simple Client Management System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
SQL Injection vulnerability exists in Sourcecodester Simple Client Management System 1.0 via the id parameter in view-service.php.
|
|||||
| CVE-2021-43506 | 1 Simple Client Management System Project | 1 Simple Client Management System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
An SQL Injection vulnerability exists in Sourcecodester Simple Client Management System 1.0 via the password parameter in Login.php.
|
|||||
| CVE-2021-43484 | 1 Simple Client Management System Project | 1 Simple Client Management System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
A Remote Code Execution (RCE) vulnerability exists in Simple Client Management System 1.0 in create.php due to the failure to validate the extension of the file being sent in a request.
|
|||||
| CVE-2021-43481 | 1 Webtareas Project | 1 Webtareas | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
An SQL Injection vulnerability exists in Webtareas 2.4p3 and earlier via the $uq HTTP POST parameter in editapprovalstage.php.
|
|||||
| CVE-2021-43451 | 1 Phpgurukul | 1 Employee Record Management System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
SQL Injection vulnerability exists in PHPGURUKUL Employee Record Management System 1.2 via the Email POST parameter in /forgetpassword.php.
|
|||||
| CVE-2021-43420 | 1 Online Payment Hub Project | 1 Online Payment Hub | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
SQL injection vulnerability in Login.php in Sourcecodester Online Payment Hub v1 by oretnom23, allows attackers to execute arbitrary SQL commands via the username parameter.
|
|||||
| CVE-2021-43408 | 1 Duplicate Post Project | 1 Duplicate Post | 2024-11-21 | 9.0 HIGH | 6.5 MEDIUM |
|
The "Duplicate Post" WordPress plugin up to and including version 1.1.9 is vulnerable to SQL Injection. SQL injection vulnerabilities occur when client supplied data is included within an SQL Query insecurely. SQL Injection can typically be exploited to read, modify and delete SQL table data. In many cases it also possible to exploit features of SQL server to execute system commands and/or access the local file system. This particular vulnerability can be exploited by any authenticated user who ...
Show More |
|||||
| CVE-2021-43362 | 1 Meddata | 1 Hbys | 2024-11-21 | 7.5 HIGH | 9.9 CRITICAL |
|
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in MedData HBYS allows SQL Injection.This issue affects HBYS: from unspecified before 1.1.
|
|||||
| CVE-2021-43361 | 1 Meddata | 1 Hbys | 2024-11-21 | 7.5 HIGH | 9.9 CRITICAL |
|
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in MedData HBYS allows SQL Injection.This issue affects HBYS: from unspecified before 1.1.
|
|||||
| CVE-2021-43329 | 1 Mumara | 1 Classic | 2024-11-21 | N/A | 9.8 CRITICAL |
|
A SQL injection vulnerability in license_update.php in Mumara Classic through 2.93 allows a remote unauthenticated attacker to execute arbitrary SQL commands via the license parameter.
|
|||||
| CVE-2021-43155 | 1 Projectworlds | 1 Online Book Store Project In Php | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Projectsworlds Online Book Store PHP v1.0 is vulnerable to SQL injection via the "bookisbn" parameter in cart.php.
|
|||||
| CVE-2021-43130 | 1 Customer Relationship Management System Project | 1 Customer Relationship Management System | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
|
An SQL Injection vulnerability exists in Sourcecodester Customer Relationship Management System (CRM) 1.0 via the username parameter in customer/login.php.
|
|||||
| CVE-2021-43109 | 1 Puneethreddyhc Online-shopping-system Project | 1 Puneethreddyhc Online-shopping-system | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
An SQL Injection vulnerability exits in PuneethReddyHC online-shopping-system as of 11/01/2021 via the p parameter in product.php.
|
|||||
| CVE-2021-43094 | 1 Openmrs | 2 Openmrs, Reference Application | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
An SQL Injection vulnerability exists in OpenMRS Reference Application Standalone Edition <=2.11 and Platform Standalone Edition <=2.4.0 via GET requests on arbitrary parameters in patient.page.
|
|||||
| CVE-2021-43091 | 1 Yeswiki | 1 Yeswiki | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
An SQL Injection vlnerability exits in Yeswiki doryphore 20211012 via the email parameter in the registration form.
|
|||||
| CVE-2021-43077 | 1 Fortinet | 1 Fortiwlm | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
A improper neutralization of special elements used in an sql command ('sql injection') in Fortinet FortiWLM version 8.6.2 and below, version 8.5.2 and below, version 8.4.2 and below, version 8.3.2 and below allows attacker to execute unauthorized code or commands via crafted HTTP requests to the AP monitor handlers.
|
|||||
| CVE-2021-43035 | 1 Kaseya | 1 Unitrends Backup | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. Two unauthenticated SQL injection vulnerabilities were discovered, allowing arbitrary SQL queries to be injected and executed under the postgres superuser account. Remote code execution was possible, leading to full access to the postgres user account.
|
|||||
| CVE-2021-43010 | 1 Safedog | 1 Safedog Apache | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
In Safedog Apache v4.0.30255, attackers can bypass this product for SQL injection. Attackers can bypass access to sensitive data.
|
|||||
| CVE-2021-42945 | 1 Zzcms | 1 Zzcms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
A SQL Injection vulnerability exists in ZZCMS 2021 via the askbigclassid parameter in /admin/ask.php.
|
|||||
| CVE-2021-42760 | 1 Fortinet | 1 Fortiwlm | 2024-11-21 | 7.5 HIGH | 8.8 HIGH |
|
A improper neutralization of special elements used in an sql command ('sql injection') in Fortinet FortiWLM version 8.6.1 and below allows attacker to disclose sensitive information from DB tables via crafted requests.
|
|||||
| CVE-2021-42670 | 1 Engineers Online Portal Project | 1 Engineers Online Portal | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
A SQL injection vulnerability exists in Sourcecodester Engineers Online Portal in PHP via the id parameter to the announcements_student.php web page. As a result a malicious user can extract sensitive data from the web server and in some cases use this vulnerability in order to get a remote code execution on the remote web server.
|
|||||
| CVE-2021-42668 | 1 Engineers Online Portal Project | 1 Engineers Online Portal | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
A SQL Injection vulnerability exists in Sourcecodester Engineers Online Portal in PHP via the id parameter in the my_classmates.php web page.. As a result, an attacker can extract sensitive data from the web server and in some cases can use this vulnerability in order to get a remote code execution on the remote web server.
|
|||||
| CVE-2021-42667 | 1 Online Event Booking And Reservation System Project | 1 Online Event Booking And Reservation System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
A SQL Injection vulnerability exists in Sourcecodester Online Event Booking and Reservation System in PHP in event-management/views. An attacker can leverage this vulnerability in order to manipulate the sql query performed. As a result he can extract sensitive data from the web server and in some cases he can use this vulnerability in order to get a remote code execution on the remote web server.
|
|||||
| CVE-2021-42666 | 1 Engineers Online Portal Project | 1 Engineers Online Portal | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
A SQL Injection vulnerability exists in Sourcecodester Engineers Online Portal in PHP via the id parameter to quiz_question.php, which could let a malicious user extract sensitive data from the web server and in some cases use this vulnerability in order to get a remote code execution on the remote web server.
|
|||||
| CVE-2021-42665 | 1 Engineers Online Portal Project | 1 Engineers Online Portal | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
An SQL Injection vulnerability exists in Sourcecodester Engineers Online Portal in PHP via the login form inside of index.php, which can allow an attacker to bypass authentication.
|
|||||
| CVE-2021-42655 | 1 Sscms | 1 Siteserver Cms | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
SiteServer CMS V6.15.51 is affected by a SQL injection vulnerability.
|
|||||
| CVE-2021-42633 | 1 Printerlogic | 1 Web Stack | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
PrinterLogic Web Stack versions 19.1.1.13 SP9 and below are vulnerable to SQL Injection, which may allow an attacker to access additional audit records.
|
|||||
| CVE-2021-42369 | 1 Zucchetti | 1 Imagicle Uc Suite | 2024-11-21 | 6.5 MEDIUM | 9.9 CRITICAL |
|
Imagicle Application Suite (for Cisco UC) before 2021.Summer.2 allows SQL injection. A low-privileged user could inject a SQL statement through the "Export to CSV" feature of the Contact Manager web GUI.
|
|||||
| CVE-2021-42334 | 1 Huaju | 1 Easytest Online Learning Test Platform | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
The Easytest contains SQL injection vulnerabilities. After obtaining a user’s privilege, remote attackers can inject SQL commands into the parameters of the elective course management page to obtain all database and administrator permissions.
|
|||||
| CVE-2021-42333 | 1 Huaju | 1 Easytest Online Learning Test Platform | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
The Easytest contains SQL injection vulnerabilities. After obtaining user’s privilege, remote attackers can inject SQL commands into the parameters of the learning history page to access all database and obtain administrator permissions.
|
|||||
| CVE-2021-42325 | 1 Froxlor | 1 Froxlor | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Froxlor through 0.10.29.1 allows SQL injection in Database/Manager/DbManagerMySQL.php via a custom DB name.
|
|||||
| CVE-2021-42313 | 1 Microsoft | 1 Defender For Iot | 2024-11-21 | 10.0 HIGH | 10.0 CRITICAL |
|
Microsoft Defender for IoT Remote Code Execution Vulnerability
|
|||||
| CVE-2021-42311 | 1 Microsoft | 1 Defender For Iot | 2024-11-21 | 10.0 HIGH | 10.0 CRITICAL |
|
Microsoft Defender for IoT Remote Code Execution Vulnerability
|
|||||
| CVE-2021-42235 | 1 Enhancesoft | 1 Osticket | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
SQL injection in osTicket before 1.14.8 and 1.15.4 login and password reset process allows attackers to access the osTicket administration profile functionality.
|
|||||
| CVE-2021-42224 | 1 Phpgurukul | 1 Ifsc Code Finder | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
SQL Injection vulnerability exists in IFSC Code Finder Project 1.0 via the searchifsccode POST parameter in /search.php.
|
|||||
| CVE-2021-42185 | 1 Wdja | 1 Wdja | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
wdja v2.1 is affected by a SQL injection vulnerability in the foreground search function.
|
|||||
| CVE-2021-42169 | 1 Simple Payroll System With Dynamic Tax Bracket Project | 1 Simple Payroll System With Dynamic Tax Bracket | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
The Simple Payroll System with Dynamic Tax Bracket in PHP using SQLite Free Source Code (by: oretnom23 ) is vulnerable from remote SQL-Injection-Bypass-Authentication for the admin account. The parameter (username) from the login form is not protected correctly and there is no security and escaping from malicious payloads.
|
|||||
| CVE-2021-42131 | 1 Ivanti | 1 Avalanche | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
A SQL Injection vulnerability exists in Ivanti Avalance before 6.3.3 allows an attacker with access to the Inforail Service to perform privilege escalation.
|
|||||